Microsoft Confesses

Google, Facebook, Microsoft, Apple, et al. get to know practically everything about us over time. But unlike humans, their servers never forget, and data mining tools only get better. Advertisers, ID thieves, insurance companies, employers, whoever, and of course law enforcement are trying to get their hands on this data. Each in its own way. But law enforcement—we use the term loosely because we’re talking about countries around the world—can simply bully its way to the data.

Now Microsoft has suddenly decided to “respect human rights and the principles of free expression and privacy” and display a “commitment to transparency,” as it wrote, under pressure from the Electronic Frontier Foundation and coalition partners (letter). And so it joined Google, Twitter, and others in disclosing not what kind of voluminous user data it collects or which companies and affiliates have access to it, but how many law enforcement requests for user data it received.

Hence its new—and all cynicism aside, laudable—2012 Law Enforcement Requests Report. But Microsoft obfuscates about how often it gives out cryptographic secrets that would open up even encrypted user content to governments around the world.

Microsoft has operations in more than 100 countries but only surrenders data in those 46 where it has “the ability to validate the lawfulness of the request.” Hmmm. So it received 70,665 law enforcement requests or court orders worldwide, potentially impacting 122,015 users of its Internet and cloud services, such as Hotmail/Outlook.com, SkyDrive, Xbox LIVE, Microsoft Account, Messenger, and Office 365. Of them 11,073 and 24,565 respectively in the US.

Its subsidiary Skype, which is headquartered in Luxembourg and operates “pursuant to Luxembourg law,” received 4,713 requests, impacting 15,409 accounts. Of them, 1,154 and 4,814 respectively in the US, processed through Luxembourg.

In 18% of the requests, Microsoft didn’t disclose any customer data. In 2.2% of the requests, it disclosed everything, texts of emails, photos, encrypted documents stored on SkyDrive, etc. In the US, that would involve a judge. And in 79.8% of the cases, Microsoft only disclosed “non-content” data, that is, e-mail address, name, gender, age, IP, and so on. Innocuous stuff. These requests don’t involve a judge. But....

Microsoft dove into its encrypted services, including Skype, with a warning, “no communication method is 100% secure,” followed by a list of ways in which the encryption of Skype and other services could be compromised. But Microsoft was skillfully vague about a crucial issue: what else was included in that innocuous category of “non-content” data? Crypto keys?

They would allow a government that obtained them to open the encryption and get whatever data was there or listen to the conversation on Skype, for example. Were they considered “content” and thus part of the 2.2% that would require a judge? Or were they considered “non-content,” like gender, and thus part of the 79.8% that would not require a judge?

Experts weighed in. As the EFF pointed out, Christopher Soghoian, Principal Technologist and a Senior Policy Analyst with the Speech, Privacy and Technology Project at the ACLU, is worried. “Microsoft’s response on Skype is very carefully worded,” he wrote. “Leakage of crypto keys would, as phrased, not be considered release of content.”

Hence, it would fall into the “non-content” category. Like gender. Yet whoever gets the crypto keys gets everything. So those among the 600 million Skype users who still have the illusory confidence that their conversations and messages are secure have another reason to doubt it ... in the 46 countries where Microsoft might routinely disclose crypto keys to “law enforcement.”

The transparency report also included information on the number of National Security Letters Microsoft received since 2009. These NSLs are the nasty product of a provision in the notorious and bi-partisan Patriot Act that President Obama signed instead of vetoing it. With an NSL, the FBI can force a company in secret and without any prior judicial review to disclose private communications, data, and Internet activity of regular Americans. At the same time, an NSL gags the company and prevents it from even mentioning the existence of the NSL.

Last week, a federal judge in San Francisco found them unconstitutional and ordered the FBI to stop issuing them—an Order now on hold, pending appeal.

These NSLs are so tricky that Microsoft had to tiptoe into disclosing how many it had received: “Pursuant to approval from the government,” it was only allowed to say that it had received between 1,000 and 1,999 NSLs affecting 3,000 to 3,999 accounts in 2011, and 0 to 999 NSLs affecting 1,000 to 1,999 accounts in 2012. That’s how secretive they are.

Every company we interact with accumulates information on us and stores it to be used and abused, sold, traded, or stolen. We accept it because alternatives, if we want to lead a modern life, are limited. Yet, we get the willies knowing that governments, ours or a foreign one, can get access to some of this information as well. Of course there are differences. For example, a company is less likely to rain missiles down on us from the latest and greatest drone while we’re surfing some non-mainstream-media macro site.

Desperate to halt its stock’s dismal slide since going public, Facebook has increasingly sought new ways to make more money and prove its worth. And so, as the builder of the largest “Big Data” treasure trove in history, Facebook is selling marketers and shady characters veiled access to its users’ deepest secrets. Read.... Outed By Facebook For Profit

EVERY large corporation is run by predators in cahoots with predators-DBA-government. Macroshaft is one of the worst, and has been for years. Trust no one, especially anyone with extensive reach and grasp. You know what they will grasp for.

I usually find your views valid but you missed it this time. Your villain Microsoft just burned their HUGE INVESTMENT in the cloud. Maybe you knew this but most of the CTO imperialist lackey running dogs I've had to deal with since '07 definitely do not. They just think and worse do whatever CIO magazinaganda tells them. That's what you get when you hire 'quotas' after insiders and the quotas get a critical mass. MSFT just did The Right Thing. Now figure out why. (long *) insiders[].

You misunderstood me. MSFT has a huge investment in cloud offerings, and now to their own detriment they are announcing to anyone who missed it that Big Brother has assumed control. They have no motive to do this selfless good deed; it would be a first. It's not about evil, it's about what their objectives are. Like last month when the Waltons cried about their sales while trying to get congress to break more laws in their favor. I bet Putzmeister was sucked into the public cloud... oops

Every major corporation and government in the West is owned and controlled by Biggest Finance Capital (BFC). BFC is the Grand Chess Master and the governments and the mega corporations and mega societal establishments are their chess pieces on their Grand Chess Board.

On the opposite end, well, nobody is there as they don't even comprehend there is a Grand Chess Board at all.

BFC is the controlling sovereign, every other major entity is subject to their powers.

No sovereign nation, by definition, would borrow, at interest, money from a private cartel in order to fund the nation's money supply.

Napoleon understood this well...

“When a government is dependent upon bankers for money, they and not the leaders of the government control the situation, since the hand that gives is above the hand that takes. Money has no motherland; financiers are without patriotism and without decency; their sole object is gain.” - Napoleon Bonaparte

POL [1258a39] (Jowett) There are two sorts of wealth-getting, as I have said; one is a part of household management, the other is retail trade: the former necessary and honorable, while that which consists in exchange is justly censured; for it is unnatural, and a mode by which men gain from one another. The most hated sort, and with the greatest reason, is usury, which makes a gain out of money itself, and not from the natural object of it. For money was intended to be used in exchange, but not to increase at interest. And this term interest, which means the birth of money from money, is applied to the breeding of money because the offspring resembles the parent. Wherefore of all modes of getting wealth this is the most unnatural.

My guess is Debt Money Tyranny was going along long before Aristotle - does anyone have any prior quotes?

My guess is Debt Money Tyranny was going along long before Aristotle - does anyone have any prior quotes?...

Let’s see, Socrates taught Plato who taught Aristotle, (who taught Alexander the Great), during the 400 years between the Old and New Testaments of the Bible. And several hundred years before the end of the Old Testament, examples regarding justice, gifts, taxes and usury, (or the collection of money from money) were recorded in books of law the church holds as sacred. I’m sure there are those who can provide many more but here are a few:

Genesis 14:17-24

After Abram returned from defeating Kedorlaomer and the kings allied with him, the king of Sodom came out to meet him in the Valley of Shaveh (that is, the King’s Valley). Then Melchizedek king of Salem brought out bread and wine. He was priest of God Most High, and he blessed Abram, saying,

“Blessed be Abram by God Most High, Creator of heaven and earth. And praise be to God Most High, who delivered your enemies into your hand.”

Then Abram gave him a tenth of everything.

The king of Sodom said to Abram, “Give me the people and keep the goods for yourself.”

But Abram said to the king of Sodom, “With raised hand I have sworn an oath to the Lord, God Most High, Creator of heaven and earth, that I will accept nothing belonging to you, not even a thread or the strap of a sandal, so that you will never be able to say, ‘I made Abram rich.’ I will accept nothing…

Exodus 22:25-27

“If you lend money to one of my people among you who is needy, do not treat it like a business deal; charge no interest. If you take your neighbor’s cloak as a pledge, return it by sunset, because that cloak is the only covering your neighbor has. What else can they sleep in? When they cry out to me, I will hear, for I am compassionate.

Exodus 23:1-9

“Do not spread false reports. Do not help a guilty person by being a malicious witness.

“Do not follow the crowd in doing wrong. When you give testimony in a lawsuit, do not pervert justice by siding with the crowd, and do not show favoritism to a poor person in a lawsuit.

“If you come across your enemy’s ox or donkey wandering off, be sure to return it. If you see the donkey of someone who hates you fallen down under its load, do not leave it there; be sure you help them with it.

“Do not deny justice to your poor people in their lawsuits. Have nothing to do with a false charge and do not put an innocent or honest person to death, for I will not acquit the guilty.

“Do not accept a bribe, for a bribe blinds those who see and twists the words of the innocent.

“Do not oppress a foreigner; you yourselves know how it feels to be foreigners, because you were foreigners in Egypt.

Exodus 30:11-16

Then the Lord said to Moses, “When you take a census of the Israelites to count them, each one must pay the Lord a ransom for his life at the time he is counted. Then no plague will come on them when you number them. Each one who crosses over to those already counted is to give a half shekel according to the sanctuary shekel, which weighs twenty gerahs. This half shekel is an offering to the Lord. All who cross over, those twenty years old or more, are to give an offering to the Lord. The rich are not to give more than a half shekel and the poor are not to give less when you make the offering to the Lord to atone for your lives. Receive the atonement money from the Israelites and use it for the service of the tent of meeting. It will be a memorial for the Israelites before the Lord, making atonement for your lives.”

My understanding is debt money is nothing more than an indication of a society’s reliance on a system destined to fail. Trusting on the gold in the temple to withstand the demands of the creditor is as preposterous as believing the gold arrived at the temple by virtue of one’s birth. Gold's gravitational pull tends to gather where justice is valued, where it can be used for free trade and as verification of trust rather than a weapon of tyranny that accepts the death of miscreants jumping from windows of the buildings they use to oppress others.

There are two very different applications of usury. This distinction, while critical, is lost in the noise of history... perhaps even concealed therein.

1. The money supply itself lent at interest to the nation state.

2. Money issued by the state interest free and then lent out, at interest, by people who have accumulated money to lend to others - this is what all the economics and business text books imply about our monetary system. The ramifications of the fatal flaw #1 brings to society (big win for money lenders, though) is hidden... even from the high level servants of the money defining and lending classes.

Aristotle didn't make the distinction between #1 and #2, at least as far as I've been able to dig up. Neither do those Biblical quotes.

While #2 will create societal problems, #1 is by far the larger problem as displayed in the following chart:

#1 is prima facie fraud from the get-go - a systematic way for the money definers and controllers to loot their host society and seize near absolute control of their governments.

Let us not bankrupt our todays by paying interest on the regrets of yesterday and by borrowing in advance the troubles of tomorrow. - Ralph W. Sockman

When the money supply itself is debt, the citizen has no choice but to go down the road of debt and usury because that is what creates their money. In this context, the absurdity of what Pete Stark is claiming is actually true!

The more debt America has, the more monetary wealth it has because monetary wealth **is** debt!

My people perish for lack of knowledge - the chumptocracy in all its glory. I've talked to high level executives that are so ignorant they defend money as debt - Debt Money Tyranny and think they are some kind of sophisticate for doing so!

I have been working with neighbors to build our own private network where we own and run our own landlines/physical connection to each other. It's a lot of digging but the concept of pure privacy and sharing amongst only ourselves is all too rewarding. One house at a time.

I'm using Linux. It does what I need it to and if not I have a PC I can use for video editing and AutoCad. But Linux is my main computer OS.

The fools in the corporations and banks are driving everyone to rely on alternative goods and services. That is a good sign: when the banks and corporations fail, a whole new set of ideas and tech is waiting to bring about a more sustainable, democratic and beneficial future.

Year 12 of linux here. A lot of security scares, trojans, etc have come and gone in that time. You can easily set up a second system to shadow the first and watch network connections to identify any rogue network events as well. For the really secure stuff I have an air-gapped netbook (wireless card removed.)

In this environment the old X-Files tagline of "trust no one" applies double. I agree, the commercial entities have evolved into such draconian creatures -- either on their own, or at the behest of governments -- that they're driving customers away, and more and more people are waking up to the downside of depending on big brother for their technology.

They're more likely to get your password by tricking you, say with a little dialog box asking you to re-authenticate. If you're really interesting they can always break into your house and install hidden cameras or listening devices (or hardware keyloggers). Strong crypto is designed to be, well, hard to break (don't roll your own crypto.. let the math brains do it).

On the other hand there are those man-in-the-middle applications that make you think you're connected directly to a remote server, all the while they record everything you do. I suspect certain gov't contractors are perfecting those (or have already done so). I seem to recall an industry move toward software which writes the software. If they're not careful the thing will develop its own consciousness.. next thing you know terminator will show up at your doorstep.. security through obscurity will be the new buzz.

Wrong. The only way a cryptokey would be compromised in this way (for Bitcoin or anything else) would be if you sent the unencrypted key to someone using Skype or Hotmail. Duh. The other way would be to combine the largest 50 supercomputers in the world and have them run for 33 years together trying to work out the problem. Go ahead.

There are other issues with Bitcoin security but this is not one of them.

Actually, 33 years underestimates the mean time to bruteforce a good security cascade by a bajillion gajillion years. (I can use made-up "illions" because the actual number of years is 3x10^51, i.e., more than 30 orders of magnitude larger than the largest SI unit ["yotta"]).

The amount of electricity required to brute-force just one layer of AES256 exceeds the generating capacity of the entire planet, in perpetuity. This should not be confused with the Von Neumann-Landauer limit - the theoretical minimum amount of electricity needed just to switch through the keys - which would 'only' take 1% of global energy production (but add the computing required to check each key and the amount of energy escalates hyperbolically).

AES256 - properly implemented and using a password that is not amenable to dictionary hacks - is secure. An AES256/Twofish/Serpent cascade with several keyfiles (of which one stored airgapped) can effectively be said to be non-brute-forceable. Add in deniable hidden partitions and steganography (hiding files within files) and the bad guys (.gov, in case you're wondering) don't have a chance.

If your operating system is closed-source, all bets are off and you deserve whatever happens to you. If your OS is made by a US firm (i.e., Microsoft, Sun or Apple) and is closed source, you should behave as if every keystroke you hit is sent to an NSA server. Or change OSes to something more secure.

I recall a recent article by Taleb where he observes that so much information leads to less reliable conclusions. I imagine that super-ginormous amounts of data would lead to almost completely useless results.

So not only are they running around like stuck chickens replacing their computers 800 times per year, but their algos are spewing out zillions of false positives (must be why they're treating us all like terrorists), and the poor analysts forced to actually look at some of the data streams are rapidly going blind from all the porn flying past them.

One of the very big reasons that we turned off the TV in our home. Practically every "show" had some LEO and/or "justice" plot or angle. All the while I couldn't keep up with the latest cop brutality incidents or suspect railroaded reveals. The Duke case was a bellwether in that regard. Sickening.

And if you are a cop, "justice" official, judge, etc. reading this, mind your oath, because the guillotine is minding you. hujel